From f675b88761385a872c9366ebff40f06c99ea20a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Sat, 1 Apr 2023 17:09:53 +0800
Subject: [PATCH] =?UTF-8?q?nftables=EF=BC=9A=E8=87=AA=E5=8A=A8=E5=8D=87?= =?UTF-8?q?=E7=BA=A7=E4=BB=A5=E5=89=8D=E7=9A=84drop=E8=A7=84=E5=88=99?= =?UTF-8?q?=E4=B8=BAreject=E8=A7=84=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/firewalls/firewall_nftables.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/internal/firewalls/firewall_nftables.go b/internal/firewalls/firewall_nftables.go
index 66d085a..1e107e5 100644
--- a/internal/firewalls/firewall_nftables.go
+++ b/internal/firewalls/firewall_nftables.go
@@ -13,6 +13,7 @@ import (
 "github.com/TeaOSLab/EdgeNode/internal/goman"
 "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 executils "github.com/TeaOSLab/EdgeNode/internal/utils/exec"
+ "github.com/google/nftables/expr"
 "github.com/iwind/TeaGo/types"
 "net"
 "os/exec"
@@ -229,6 +230,16 @@ func (this *NFTablesFirewall) init() error {
 // rule
 var ruleName = []byte(setAction)
 rule, err := chain.GetRuleWithUserData(ruleName)
+
+ // 将以前的drop规则删掉,替换成后面的reject
+ if err == nil && setAction != "allow" && rule != nil && rule.VerDict() == expr.VerdictDrop {
+ deleteErr := chain.DeleteRule(rule)
+ if deleteErr == nil {
+ err = nftables.ErrRuleNotFound
+ rule = nil
+ }
+ }
+
 if err != nil {
 if nftables.IsNotFound(err) {
 if tableDef.IsIPv4 {
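Review bot: When `chain.DeleteRule(rule)` fails in the second hunk, `deleteErr` is discarded without a log line, so the node keeps the old drop rule and nothing records that the upgrade to reject did not happen. Add an else branch that reports it, for example `} else { remotelogs.Warn("NFTABLES", "delete old drop rule failed: "+deleteErr.Error()) }`, with the helper name and tag matched to the existing remotelogs calls in this file. On the success path the deny rule for this set is absent from the moment of deletion until the not-found branch below recreates it, and if that creation fails the set stays unenforced, so confirm that the creation error is returned from init() rather than only logged. Reusing `nftables.ErrRuleNotFound` to steer control flow also hides the intent; a local flag such as `needsCreate` would read more clearly. init() starts before and continues past this hunk, so the recreation code is not visible here.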